<?php
require_once "Base/db.php";

$username = (isset($_POST['username']))?$_POST['username']:$_GET['username'];
$passwd = (isset($_POST['passwd']))?$_POST['passwd']:$_GET['passwd'];

$username = urldecode($username);

$sql = "SELECT e.staff_id, e.name, p.post_name, p.post_degree, c.comp_name FROM employee e INNER JOIN posts p ON p.post_id=e.post INNER JOIN companies c ON c.id=e.in_company WHERE e.name='{$username}' AND e.pass=MD5('{$passwd}')";
$r = gQuery($sql);

echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>";
$xml = "
<users>";
if(count($r)>0){
	$xml .= "
<user>
	<id>{$r[0]['staff_id']}</id>
	<name>{$r[0]['name']}</name>
	<post_name>{$r[0]['post_name']}</post_name>
	<post_degree>{$r[0]['post_degree']}</post_degree>
	<comp_name>{$r[0]['comp_name']}</comp_name>
</user>";
}else{
	$xml .= "
	<user>nouser</user>";
}
$xml .= "
</users>"
;
echo $xml;

?>